According to most statistics, ransomware attacks decreased almost 30% over the past 12 months. That looks like good news, but there is a catch: the “market” has room for even more sophisticated ransomware variants. That is exactly what happened: the number of attacks dropped, but the level of complexity among the new variants increased.

Many factors influenced the ransomware market’s decline, including overexposure, awareness and the refusal of many victims to pay. The numbers are, of course, only one face of the market, while the other turns out to be even more frightening. Massive ransomware campaigns like WannaCry, Cerber and Locky raised user awareness, making the entire ransomware business somewhat unprofitable at this scale relative to the effort needed for distribution. This is one reason targeted attacks increased and ransom demands decreased, according to Symantec’s ISTR report. Attacking specific businesses and demanding a “fair” amount of money turned out to be more profitable for the cybercriminals. However, targeted attacks are more difficult, so the need to develop more sophisticated ransomware became quite evident.

In the last year or so, the number of ransomware families also dropped 71%, according to Symantec, but the number of variants increased 46%, along with their technical complexity. New distribution methods and techniques were developed, bundling the ransomware into very capable and complicated vulnerability-exploiting kits, making it even more dangerous than previously released variants. Cybercriminals without extensive developer skills also gained access to ransomware bundles through an illegal “underground” service that delivers everything they need for an attack in a few easy clicks. It is called RaaS (ransomware-as-a-service). This phenomenon contributed to the decline in ransomware families and the increase in variants: there was no need to develop new families, only to reuse and continuously improve the existing ones.

Malwarebytes reports similar results: a decrease in massive consumer and business attacks, ranking them fifth in the malware hierarchy, while highlighting that businesses and organizations are most likely the targets of choice for future ransomware campaigns.

The Colorado Department of Transportation was struck two times in two weeks by different variants of SamSam, bringing down all operations. CDOT was still recovering from the first attack when the second one came shortly after. Authorities said that the countermeasures implemented after the first strike, to prevent such a thing from happening again, didn’t work because the ransomware “morphed into something ahead of their tools”. Estimated recovery costs: $1.5 million. (https://www.denverpost.com/2018/04/05/samsam-ransomware-cdot-cost/)

An unknown ransomware rendered inoperable all communication systems of a Chinese shipping company at the Port of Long Beach (California). Their website, email and phone number were down. Fortunately, logistics were not affected, but COSCO employees had to use Yahoo email accounts and Twitter to communicate. (http://techgenix.com/cosco-ransomware-attack/)

Conclusion

Although the number of massive ransomware attacks decreased worldwide, targeted attacks on businesses increased. Ransomware evolved exponentially in the last year, turning into complex hacking tools that spread automatically across networks and exploit vulnerabilities and poorly secured systems and services. Even though many companies and government contractors did their very best to prevent such incidents, they happened and continue to happen to this date, bypassing traditional anti-malware solutions and using advanced techniques to avoid detection.
There are countless reports where backups and conventional anti-malware solutions were just not enough, which clearly proves that dedicated anti-ransomware must be implemented, primarily by businesses, to help prevent data loss and downtime.

How we can help

Our dedicated solution, TEMASOFT Ranstop, is anti-ransomware software that detects present and future ransomware with a high degree of accuracy, based on file access pattern analysis. At the same time, it protects user files so that they can be restored in case of malware attacks or accidental loss. TEMASOFT Ranstop is at the core of any multi-layered security strategy designed to protect against ransomware.
